Office 365 – PowerShell script to synchronize Azure Active Directory properties with SharePoint Online user profile properties
Hi All,
Today we will discuss synchronizing Azure Active Directory properties with SharePoint Online user profile properties using a PowerShell script.
I have tried to add detailed comments so that the script is self-explanatory.
Following is the complete PowerShell script.
<#
.SYNOPSIS
    Sync given SPO user profile properties with Azure AD
.PARAMETER CredentialFilePath
    Office 365 system account credential file path having two lines in following format
    UserName
    Password
.PARAMETER SpoAdminUrl
    SharePoint Online Admin Site URL
.PARAMETER LogFolderPath
    Path where the logs will be generated
#>
param
(
    [parameter(Mandatory=$true)][string]$CredentialFilePath,
    [parameter(Mandatory=$true)][string]$SpoAdminUrl,
    [parameter(Mandatory=$false)][string]$LogFolderPath = "c:\"
)

if(-not(Get-PSSnapin | Where { $_.Name -eq "Microsoft.SharePoint.PowerShell"}))
{
    Add-PSSnapin Microsoft.SharePoint.PowerShell;
}

Import-Module MSOnline
Import-Module Microsoft.Online.SharePoint.PowerShell

# Add SharePoint CSOM libraries from the given path
Import-Module 'C:\Program Files\Common Files\microsoft shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll'
Import-Module 'C:\Program Files\Common Files\microsoft shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll'
Import-Module 'C:\Program Files\Common Files\microsoft shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.UserProfiles.dll'

# Function to write the log
Function LogWrite
{
    Param ([string]$logstring)
    # Join-Path avoids a doubled backslash when the folder path already ends with "\"
    $Logfile = Join-Path $LogFolderPath "log.txt"
    Add-Content $Logfile -Value $logstring
}

Try
{
    LogWrite "Syncing the AD Properties"

    # Read the user name (first line) from the credential file
    $user = Get-Content $CredentialFilePath | Select-Object -First 1

    # Read the password (second line) from the credential file
    $password = Get-Content $CredentialFilePath | Select-Object -First 1 -Skip 1
    $securePassword = ConvertTo-SecureString $password -AsPlainText -Force

    # Credential object
    $credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $user, $securePassword

    # Connect to Azure Active Directory
    Connect-MsolService -Credential $credential
    LogWrite "Azure Connected"

    # Get credentials for SharePoint Online (reuses the SecureString already held by $credential)
    $spoCredentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($credential.UserName, $credential.Password)
    $ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SpoAdminUrl)
    $ctx.Credentials = $spoCredentials
    $spoPeopleManager = New-Object Microsoft.SharePoint.Client.UserProfiles.PeopleManager($ctx)

    # Get all Azure AD users
    $AllAzureADUsers = Get-MsolUser -All

    ForEach ($azureADUser in $AllAzureADUsers) {
        # Fax is just an example here. Specify the property which needs to be synced.
        $fax = $azureADUser.Fax
        $user = $azureADUser.UserPrincipalName.ToString()

        # SharePoint Online user (claims-encoded login name)
        $sPOUser = ("i:0#.f|membership|" + $user)

        # Update the SharePoint Online user profile property
        $spoPeopleManager.SetSingleValueProfileProperty($sPOUser, "Fax", $fax)
        $ctx.ExecuteQuery()
    } # foreach
}
Catch {
    # If an exception happens, log the error that triggered this catch block
    LogWrite $_.Exception.Message
}
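The script's credential file keeps the service account password in plain text on disk. An added example, not part of the original script: a one-time conversion of that two-line file into a DPAPI-protected CliXml credential, plus a loader for it. The function names Convert-CredentialFile and Get-SyncCredential and the sample paths are assumptions.

```powershell
# Added example, not part of the original script.
# Convert-CredentialFile, Get-SyncCredential and the sample paths are hypothetical names.

function Convert-CredentialFile {
    # One-time migration: two-line plaintext file -> DPAPI-protected CliXml file.
    param(
        [Parameter(Mandatory=$true)][string]$PlainTextPath,
        [Parameter(Mandatory=$true)][string]$ProtectedPath
    )
    $lines = @(Get-Content -Path $PlainTextPath -TotalCount 2)
    if ($lines.Count -lt 2 -or [string]::IsNullOrWhiteSpace($lines[0]) -or
        [string]::IsNullOrEmpty($lines[1])) {
        throw "Expected UserName on line 1 and Password on line 2 in $PlainTextPath"
    }
    $secure = ConvertTo-SecureString $lines[1] -AsPlainText -Force
    $cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $lines[0].Trim(), $secure

    # On Windows, Export-Clixml encrypts the SecureString with DPAPI, so only the
    # same user account on the same machine can decrypt it.
    $cred | Export-Clixml -Path $ProtectedPath

    # Verify the round trip before deleting the plaintext copy.
    $check = Import-Clixml -Path $ProtectedPath
    if ($check.UserName -ne $cred.UserName) {
        throw "Round-trip check failed for $ProtectedPath"
    }
    Remove-Item -Path $PlainTextPath -Force
}

function Get-SyncCredential {
    # Loads the protected credential; fails if run as a different user or on another machine.
    param([Parameter(Mandatory=$true)][string]$ProtectedPath)
    $cred = Import-Clixml -Path $ProtectedPath
    if ($cred -isnot [System.Management.Automation.PSCredential]) {
        throw "$ProtectedPath does not contain a PSCredential"
    }
    return $cred
}

# Usage (run once as the account that will run the sync, on the machine that runs it):
#   Convert-CredentialFile -PlainTextPath 'C:\sync\cred.txt' -ProtectedPath 'C:\sync\cred.xml'
# Then, in the sync script, replace the Get-Content / ConvertTo-SecureString lines with:
#   $credential = Get-SyncCredential -ProtectedPath 'C:\sync\cred.xml'
```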
References:
Get-MsolUser
PeopleManager.SetSingleValueProfileProperty method
Connect-MsolService
Thanks for reading 🙂
Stay tuned on Knowledge-Junction, will come up with more such articles
